North Korea Uses US Tech for ‘Destructive Cyber Operations’

North Korea’s senior leadership has been exploiting loopholes in international sanctions to obtain the U.S. technology that Pyongyang uses to conduct “destructive cyber operations,” according to a global cyberthreat intelligence company.

Recorded Future, based in Massachusetts, found that while export bans and restrictions are somewhat effective in keeping North Korea from acquiring technology for its nuclear weapons program, sanctions fail when it comes to preventing computer products from entering North Korea.

“Because of the globalized nature of technology production and distribution, the traditional export control is not really working for [computer] technology,” said Priscilla Moriuchi, one of the authors of “North Korea Relies on U.S. Technology for Internet Operations.” “It may work quite well for ballistic missile parts or fissile material, but the system is not designed to limit technology transfer, and it’s not optimized for that.”

Upcoming summit

In the report, Moriuchi and her co-author, Fred Wolens, call for a “globally robust unified effort to impose comprehensive sanctions” on North Korea, warning that without this Pyongyang “will be able to continue its cyberwarfare operations unabated with the aid of Western technology.”

The report was released days before North Korean leader Kim Jong Un and U.S. President Donald Trump are scheduled to meet in Singapore for a summit focused on ending the North’s nuclear weapons program in exchange for economic incentives and security guarantees.

But some consider North Korea’s cyberthreat capabilities as damaging as the threat of its nuclear weapons, Morgan Wright, a former senior adviser in the U.S. State Department Antiterrorism Assistance Program, wrote in The Hill.

Even as advance teams prepared for the June 12 summit, North Korean cyberattacks continued, Moriuchi told Cyberscoop. On May 28, Cyberscoop reported that the Department of Homeland Security and the FBI released a joint alert about Hidden Cobra, which is associated with North Korea’s hacking activities.

FireEye, a Silicon Valley cybersecurity company, detected cyberattacks by Lazarus, the North Korean hacking effort responsible for stealing millions of dollars from the Bangladesh Central Bank in 2016. Lazarus is also believed responsible for the 2014 Sony Pictures hack and last year’s WannaCry ransomware attack.

Defining ‘luxury goods’

How did U.S. technology reach North Korea? Part of the answer lies in “international inconsistencies in the definition of the term ‘luxury goods,’” according to the Recorded Future report. The U.S. “effort to restrict technology exports at the national and international level” has not reaped results because of “varied definitions by nations and [their] inconsistent implementations,” said Moriuchi, a former East Asia analyst for the National Security Agency.

While the United Nations did not include electronics in Resolution 2321, which covered exports to North Korea, when it was issued in 2016, each member nation was allowed to interpret luxury goods. The U.S. has defined luxury goods to include laptop computers, digital music players, large flat-screen televisions and electronic entertainment software. China, in particular, does not “honor the luxury goods listed by other countries when it exports to” North Korea, according to the report.

US exports OK

Another factor is that for seven years in the period spanning 2002 to 2017, “the United States allowed the exportation of ‘computer and electronic products’ to North Korea,” according to the report. The total for those seven years was more than $430,000 of legal exports, and according to Recorded Future, “at its peak in 2014, the U.S. exported $215,862 worth of computers and electronic products to North Korea.”

The Recorded Future report, citing the U.S. Department of Commerce (DOC), said that category includes “computers, computer peripherals (including items like printers, monitors and storage devices), communications equipment (such as wired and wireless telephones), and similar components for these products.”

Much of that equipment remains in use, according to Recorded Future, and North Korea’s ruling elites, including party, military, and intelligence leaders and their families, have long been known to use products manufactured by U.S. companies such as Apple, Microsoft and IBM to access the internet.

A third element in how the U.S. tech went astray is what the report called North Korea’s “sophisticated sanctions evasion operation, which uses intermediaries and spoofs identities online.”

As an example, the study points to North Korea’s shell company Glocom, through which Pyongyang “used a network of Asian-based front companies to buy computer components from electronic resellers, and the payment was even cleared through a U.S. bank account.” The United Nations found that Glocom was tied to Pan Systems Pyongyang, whose director, Ryang Su Nyo, reports to Liaison Office 519 in the North Korean intelligence agency’s Reconnaissance General Bureau.

Just like us

North Korea’s elites surfed and browsed just like users outside North Korea until recently, when the Recorded Future researchers found “a stark change” in the elite’s usage patterns as they “migrated almost completely” from Facebook, Google and Instagram “to their Chinese equivalents — Alibaba, Tencent and Baidu,” and over the course of a few months “dramatically increased” their use of internet obfuscation services, such as virtual private networks (VPN), virtual private servers (VPS), transport layer security (TLS) and the Onion Router (Tor).

While tracking the change in activity from December 2017 to April 2018, researchers found “the overwhelming presence of American hardware and software on North Korea networks and in daily use by senior North Korean leaders.”

While U.S. exporters are responsible for understanding and adhering to export regulations, the study indicates that even the implementation of robust compliance procedures was insufficient to prevent banned U.S. computer products from reaching North Korea.

U.S. export enforcement rests with the Office of Foreign Assets Control, the Office of Export Enforcement and Homeland Security Investigations. The U.S. is one of the only countries that enforces its export laws outside of its national boundaries, placing federal agents in foreign countries to work with local authorities.

Widespread international sanctions were imposed beginning in 2006, when North Korea conducted its first nuclear weapons test. In response, the U.N. passed two resolutions (Resolution 1695 and 1718) banning a broad range of exports to North Korea by any U.N. member states. The U.N. subsequently expanded those sanctions through a number of resolutions that prohibit and restrict exporting items ranging from missile material to oil to North Korea.

The case of ZTE

The Recorded Future report mentions Chinese manufacturer ZTE (Zhongxing Telecommunications Equipment) as a case where the implementation of export regulation failed, pointing out that the U.S. had the chance to enforce its export laws when the company was under the Export Administration Regulations (EAR), a dense set of laws regulating exports.

ZTE was initially placed on the so-called Entity List in March 2016 for violating U.S. sanctions by selling products containing U.S. goods to Iran and North Korea. For two years, the company and the U.S. government attempted to reach an agreement over penalties and how to verify that ZTE had stopped violating U.S. sanctions.

The Department of Commerce (DOC) ended the negotiations and imposed a denial order that banned U.S. companies from selling to ZTE for seven years.

In May, the DOC lifted the denial order, which would have put ZTE out of business, and allowed ZTE to purchase components from U.S. companies. The move came after threats of a trade war and Trump’s intervention.

Moriuchi said if the U.S. had let ZTE fail, it would have sent “a huge message to the rest of the world that there is no [company] too big to fail” and that “the U.S. government takes export control very seriously.”

In the end, “an opposite message ended up being sent with the administration’s deal with China, and that there are companies too big to fail especially if that company … has significant interest with the United States,” she said, adding the case demonstrated that “you can circumvent U.S. export control as a company and in the end, survive.”

The U.S. enforces its export laws through the DOC and regulates them through EAR, which not only restricts commercial goods and technologies from reaching hostile countries but also regulates the re-export of U.S. goods and technologies from one foreign country to another.

Until 2008, U.S. sanctions prohibiting exports to North Korea were implemented through the Trading with the Enemy Act, through which the U.S. government banned any exports to designated countries including North Korea.

Subsequently, the Obama administration issued the North Korea Sanctions Regulations and a number of Executive Orders (13551, 13570, 13687, and 13722) to further prohibit various measures, including exports of “goods, services or technology to North Korea.”

Additionally, numerous U.S. sanctions were imposed against North Korea under Trump’s “maximum pressure” campaign, especially in 2017 during Pyongyang’s nuclear weapons and ballistic missile tests, which also saw the U.N. issue new sanctions.